New RATs Target Windows, Game Utilities for Access

Rising RAT threats: Steaelite, gaming Trojan, and DesckVB KazakRAT variants emerge.

  • Attackers are distributing a new Remote Access Trojan (RAT) disguised as gaming software through browsers and chat apps.
  • The malware uses stealthy techniques, modifies Microsoft Defender, and connects to an external server for command-and-control.
  • A powerful new “all-in-one” RAT called Steaelite is being advertised on criminal forums, combining data theft with ransomware deployment from a single panel.
  • Two additional new RAT families, DesckVB RAT and KazakRAT, have also been discovered targeting specific entities.

In late February 2026, researchers uncovered a campaign where cybercriminals distribute trojanized gaming utilities via online platforms to deploy a remote access trojan. The Microsoft Threat Intelligence team explained the attack uses a malicious Java downloader and living-off-the-land binaries for stealth. This multi-purpose malware acts as a loader, runner, and RAT to exfiltrate data and deploy other payloads.

- Advertisement -

The threat also establishes persistence and configures Microsoft Defender exclusions to avoid detection. Consequently, defenders are advised to audit these exclusions and scheduled tasks immediately. Meanwhile, a separate, far more comprehensive threat has emerged on the cybercrime market.

BlackFog disclosed a new Windows RAT family first advertised in November 2025 called Steaelite, marketed as a “best Windows RAT” with fully undetectable capabilities. Security researcher Wendy McCague said it “enables complete double extortion from one tool” by combining ransomware with data theft. The tool can disable antivirus, remove competing malware, and offers extensive features like live streaming and credential theft.

In recent weeks, two other new RAT families have also been discovered. One is the open-source DesckVB RAT available on GitHub, providing remote control capabilities. The other, KazakRAT, is suspected to be the work of a state-affiliated group and has been detailed in a report by Ctrl Alt Intel. This campaign has reportedly been targeting Kazakh and Afghan entities since at least August 2022.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

- Advertisement -

Latest News

Sentient’s AI Arena Gains Pantera, Franklin Templeton

Major investors Pantera Capital and Franklin Templeton digital assets are helping test Sentient's new...

Bitcoin Nears 20K Whales Amid Market Volatility

Over 20,000 wallets now hold 100 or more Bitcoin, a key milestone signaling significant...

LUNC Surges 30% as Lawsuit Sparks Trader Short Squeeze

Terra Luna Classic (Lunc) surged 15.5% in 24 hours, nearing a 30% gain over...

New Stablecoin Rules Threaten Coinbase-Circle Deal

VanEck's Matthew Sigel states proposed regulatory guidance merely formalizes rules already in the GENIUS...

Crypto Market Consolidates: Dip or Rally Ahead?

Bitcoin (BTC) fell to $67,000 after being rejected at the $70,000 level, despite a...

Must Read

What Is the Dencun Upgrade for Ethereum?

The Dencun Upgrade for Ethereum is poised to revolutionize the blockchain landscape, offering improved scalability, efficiency, and groundbreaking features. Set to launch at the...
🔥 #AD Get 20% OFF any new 12 month hosting plan from Hostinger. Click here!